
The worm installs a back door on the infected system on TCP ports 3127 through 3198. Someone can later use this back door to do whatever comes to mind. This is a serious threat: in the past, other worms have exploited back doors left by previous worms. (Nimda springs to mind -- it used a back door left by Code Red.)

Therefore, it's important that you clean the machines on your network, because if you don't, you're going to regret it later. Recent versions of the usual antivirus software should take care of it. Symantec offers a specific tool to clean Mydoom. If you don't clean your network now, you may have a less pleasant surprise in a month or two, when some miscreant writes a follow-up worm.

Fortunately, you can use that back door to your advantage as well. Get a network scanning tool like Nmap. (If you don't have Nmap already, go to http://www.insecure.org/.) Then scan ports 3127-3198 on your network. If you find any of them open, take a closer look. Unfortunately, just because you find one of those ports open doesn't mean the machine is infected. Port 3128, for example, is used by some HTTP proxies. The file "/etc/services" on some friendly Unix box lists what the port assignments often are. That can help if you get puzzled.
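An added example (not from the original article) of the triage step: it parses Nmap's grepable output for the scan described above and labels each open TCP port in 3127-3198 using /etc/services-style data. The sample scan lines, addresses and services entries are constructed, and `nmap -p 3127-3198 -oG -` is assumed as the way the input was produced.

```python
import re

# Port range the article gives for the Mydoom back door.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample in /etc/services format (name port/proto); on a real
# Unix host, read the contents of /etc/services instead.
SAMPLE_SERVICES = """\
squid           3128/tcp        # HTTP proxy often found on this port
example-udp     3128/udp        # constructed entry, ignored (not TCP)
"""

# Constructed sample of `nmap -p 3127-3198 -oG -` output (RFC 5737 addresses).
SAMPLE_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 3127/open/tcp//unknown///\tIgnored State: closed (71)\n"
    "Host: 192.0.2.11 (proxy)\tPorts: 3128/open/tcp//squid-http///\tIgnored State: closed (71)\n"
    "Host: 192.0.2.12 ()\tPorts: 3127/closed/tcp//unknown///, 3130/filtered/tcp/////\n"
)

def load_services(text):
    """Map TCP port -> service name from /etc/services-style text."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            names.setdefault(int(fields[1].split("/")[0]), fields[0])
    return names

def triage(scan_text, services):
    """Return (host, port, verdict) for each open TCP port in the range."""
    findings = []
    for line in scan_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            parts = entry.strip().split("/")
            if len(parts) < 3 or parts[1] != "open" or parts[2] != "tcp":
                continue  # closed and filtered ports are not findings
            port = int(parts[0])
            if port in BACKDOOR_PORTS:
                known = services.get(port)
                verdict = f"check for {known}" if known else "no listed service, inspect host"
                findings.append((m.group(1), port, verdict))
    return findings

if __name__ == "__main__":
    for host, port, verdict in triage(SAMPLE_SCAN, load_services(SAMPLE_SERVICES)):
        print(f"{host}:{port} {verdict}")
```

A listed service name only says what the port is often used for; confirm on the host which process actually owns the listener.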
